Absent Member.
Absent Member.

LOC on fortify different from LOCMetrics

Guys, I was analysing a system with Fortify AuditWorkbench.

I realized that the total of LOC on fortify is completely different from LOCMetrics. Can anyone tell me why this happens? And what Fortify considers a executable LOC.


Tags (1)
2 Replies
Absent Member.
Absent Member.

No one?

Micro Focus Expert
Micro Focus Expert

As I have seen in internal discussions for this topic, the typical e-LOC value reported by Fortify is generally equivalent to the total lines of code the customer thinks they have divided by 3.  That is just a rule of thumb estimate that we have seen.  Our own teams have investigated with a variety of code counters and have found the inconsistency in their counts in comparison to one another to be a consistent issue for the market!  It is also important to ensure the tools are comparing the same number of files, making sure that only like with like is compared (e.g. only Java with Java), etcetera.

If you have a Fortify Support portal account (customers should have these), the following article titled, "How does SCA calculate LOC", may help explain.  There are a few secondary versions of this KB article focused on select IDE or languages such as, "Why is the LOC different in my ____ versus AWB?".


Question: How does SCA calculate LOC

Answer: Total LOC is counted by a third party step counter tool, and Executable LOC is counted by SCA itself. SCA only counts executable code and it does not include the following code elements.

- blank line

- comment

- brace {}

- import statement

- annotation

- #define, #include


- data definition language directive


Upon request, there is a set of Fortify Support tools that can help break down in detail how SCA/AWB has counted your particular Project.  Here is that toolset if you wish to pursue this with Support.

  • ScaFileMatch.jar
  • ScaFileMatch.properties
  • ScaFileMatch.txt
  • ScaFileMatchUsage.txt

-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.